Saturday, October 10, 2015

Infosec is good people

For all that we complain about drama in our community, we are actually good people. At a small conference yesterday, I met "Kath". She just got her degree in advertising, but has become disillusioned. Her classes in web development and app development have shown her how exploitative online advertising can be. ("PHP has made me cry" -- yes, it's made all of us cry at some point).

She's felt alone, as if it were only her who that those feelings, then she discovered the EFF, and privacy activists like Yan (@bcrypt) who have been fighting for privacy. Kath grew up in the middle of nowhere in Texas, and went to college in another middle-of-nowhere place in Texas. Being a muggle, she's never heard of infosec before -- but she got a ticket and flew to New York to attend this little infosec conference where Yan was speaking. (Well, that and also to apply for the NYU graduate program in media).

She found things she didn't expect. She found, for example, how she can contribute, using her skills in usability to make crypto and privacy better for users. She also found a community that was accepting and approachable. Advertising is a hierarchy, with those on top unapproachable from those on the bottom. In infosec, you can just go up and talk to anybody -- and she did.

The conference, "SecretCon", was put on by Elissa Shevinsky (@elissabeth). Elissa didn't focus on the infosec community as such, but instead marketed the conference to otherwise outsiders. It was a highly diverse set of people. I met "Dave" who is building an Android app that needs better authentication, so gets drawn into this community. I met "Kacie", who does sysadmin for a startup education company, who has to secure her systems. While many attendees were outsiders, the speakers were still insiders. No, they weren't there to discuss their latest 0day. The talks were more like TEDx where experts discuss the things they are expert in. I'd actually never seen Jon Callas and Yan speak before -- they are actually great speakers.

My point is this. They all found a nice community. While we spend a lot of time discussing what's wrong with our community, we really rock. So there.

PS: TED sucks, TEDx is less bad -- I don't mean to disparage SecretCon by comparison. I'm just pointing out that it's not the "latest 0day" style insider talks :).